On 28/12/2023 23:37, Chang, Abner via groups.io wrote:
As far as I am aware, EfiHttpRequest sets up all of the relevant data
structures but functions as a non-blocking open. If you reconfigure the
TLS session immediately after return from EfiHttpRequest() then this
reconfiguration should take effect before any network packets have been
transmitted or received. I have not tested this, though.
If the immediate reconfiguration does not work, then your suggestion of
hooking SetSessionData() sounds like the easiest approach.
I think the non-blocking transfer still sends out the request but just not
waiting the response there, have to check the implementation.
The code seems to construct the HTTP request and enqueue it, but unless
it blocks polling on the network somewhere then the most it can do in
terms of network I/O is to send out the initial TCP SYN. (Not even
that, if a DNS lookup is required.)
The implementation could plausibly construct and enqueue the
ClientHello, in which case it would be too late to modify the cipher
suite list, but any attempt to verify the hostname definitely can't
happen until a lot of network I/O has taken place.
Good luck! :)
Thanks,
Michael
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#112995): https://edk2.groups.io/g/devel/message/112995
Mute This Topic: https://groups.io/mt/103368438/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
